Whenever you create a website with the Joomla CMS, you need to check its security! After I finish my projects, I make sure to check these crucial 15 points to keep the site(s) built with Joomla protected!
Joomla Security Checklist:
- Don’t use the default super admin username (admin, administrator or root). Change it!
- Change the admin password to a very strong one. You can use the built-in password generator in cPanel.
- Create a new user, give it super admin rights, then delete the old admin account (optional). This changes the ID of the admin user (for Joomla versions before 2.5.5).
- Block access to the admin panel by using a special .htaccess file.
- Delete unnecessary extensions. This way you will improve your site’s speed as well!
- Rename the htaccess.txt file to .htaccess and make sure RewriteEngine is set to On.
- I recommend installing the Akeeba Backup extension, which will back up your website with one click. Set the time for the server and for the admin user.
- Look through your website structure for unwanted files and delete them (.psd files, project files, etc.).
- Make sure you have the latest version of Joomla! If not, update! It’s a must!
- Check the configuration.php file permissions. Set them to 644, or much better, to 444.
- Do not use the standard jos_ table prefix. Change it quickly!
- Remove the version number/name of the extensions. Remove the Joomla! version number.
- Remove Joomla! meta generator tag.
- Use a SEF component (see some here). Modify the path to the /log and /tmp folders.
- Move sensitive files outside the web root.
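
Several of these items can be verified from a shell on the server. The script below is an added example, not part of the original checklist: it checks the configuration.php permissions, the jos_ prefix, the renamed .htaccess with RewriteEngine On, and leftover .psd files. It assumes the admin-panel block is an .htaccess file inside administrator/ and that the web root is passed as the first argument.

```shell
#!/bin/sh
# Added example: read-only audit of a Joomla web root against checklist items.
# Usage: sh joomla_audit.sh /path/to/webroot

audit_joomla() (
    root="$1"
    cfg="$root/configuration.php"
    fails=0
    fail() { echo "FAIL: $*"; fails=$((fails + 1)); }

    if [ -f "$cfg" ]; then
        # configuration.php should be 644, or better 444 (GNU stat, then BSD stat)
        mode=$(stat -c '%a' "$cfg" 2>/dev/null || stat -f '%Lp' "$cfg")
        case "$mode" in
            644|444) ;;
            *) fail "configuration.php mode is $mode (want 644 or 444)" ;;
        esac
        # The standard jos_ table prefix should have been changed
        if grep -Eq "dbprefix[[:space:]]*=[[:space:]]*['\"]jos_['\"]" "$cfg"; then
            fail "standard jos_ table prefix still set in configuration.php"
        fi
    else
        fail "configuration.php not found under $root"
    fi

    # htaccess.txt must be renamed to .htaccess with RewriteEngine On
    if [ ! -f "$root/.htaccess" ]; then
        fail ".htaccess missing (htaccess.txt not renamed?)"
    elif ! grep -Eiq '^[[:space:]]*RewriteEngine[[:space:]]+On' "$root/.htaccess"; then
        fail "RewriteEngine is not set to On in .htaccess"
    fi

    # Assumption: the admin-panel block is an .htaccess in administrator/
    [ -f "$root/administrator/.htaccess" ] || fail "no administrator/.htaccess found"

    # Leftover design files (.psd) anywhere in the tree
    unwanted=$(find "$root" -type f -iname '*.psd' 2>/dev/null)
    [ -z "$unwanted" ] || fail "unwanted files: $unwanted"

    echo "$fails check(s) failed"
    [ "$fails" -eq 0 ]
)

if [ "$#" -gt 0 ]; then audit_joomla "$1"; fi
```

The function exits non-zero when any check fails, so it can run from cron or a deployment step after each site update.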
Our Joomla Security Checklist will allow you to always be protected and to indulge in new web design and SEO projects instead of recovering a hacked site!
To expand your Joomla CMS knowledge you can watch our course dedicated to Joomla!